Update on Latest Monero-Stealing MEGA Chrome Extension Phishing Attempt
If you are a user of the MEGA Chrome extension, beware. The latest edition of this application has been infected with malware, so you should delete it immediately from your computer and decline whenever it asks you to read data on all websites or you might suffer a phishing attempt and even lose some of your cryptocurrencies.
The MEGA cloud storage extension for Chrome is a very popular app and, according to our reports, the 3.39.4 version of the software was breached. Only the Chrome version was affected, though, not the Firefox version of the program. Fortunately, Google already removed it from the store.
What Does This New Malware Do?
In case you are using the extension (or used and deleted it, as should), you have to know that it might have collected information (including passwords) on your Google, Facebook, MyEtherWallet, MyMonero, Github, Microsoft Live and OneDrive accounts. You should change your passwords and uninstall the program as soon as possible to avoid being compromised.
The update asks for permission to read data from all websites and this is what many users recognized as a huge red flag that helped to unmask the scam.
As the account that updates the extension has not been updating for months, we believe that the account responsible for doing so might have been compromised recently. It was not clear, however, what happened, so we can only speculate. At the time of this report, the MEGA did not respond to any kind of breach within the team’s Google Webstore account.
Developers from the community, including from the two wallets affected by the phishing malware, have recommended people to delete the extension as soon as possible and to even use another wallet in case they gave permission for it to read the browser’s information.
Not The First Time
Unfortunately, this is far from being the first time that the Chrome Store is used to distribute malware. Recently, a malicious version of MetaMask was briefly updated to the store after the real version of the program was removed from the store by mistake,which caused some trouble for people.